To be a successful computer forensics investigator, you must be familiar with more than one computing platform.

TRUE

Computer investigations and forensics fall into the same category: public investigations.

FALSE

The law of search and seizure protects the rights of all people, excluding people suspected of crimes.

FALSE

Chain of custody is also known as evidence.

TRUE

You cannot use both multi-evidence and single-evidence forms in your investigation.

FALSE

Many attorneys like to have printouts of the data you have recovered, but printouts can present problems when you have log files with several and often involves running imaging software overnight and on weekends.

TRUE

If damage occurs to the computer forensics lab, it does not need to be repaired immediately.

FALSE

A good working practice is to use less powerful workstations for mundane tasks and multipurpose workstations for the higher-end analysis task.

TRUE

Computing systems in a forensics lab should be able to process typical cases in a timely manner.

TRUE

The most common and time-consuming technique for preserving evidence is creating a duplicate copy of your evidence image file.

TRUE

Many acquisition tools don't copy data in the host protected area (HPA) of a disk drive.

TRUE

ISPs can investigate computer abuse committed by their customers.

FALSE

If a corporate investigator follows police instructions to gather additional evidence without a warrant, you run the risk of becoming an agent of law enforcement.

TRUE

A judge can exclude evidence obtained from a poorly worded warrant.

TRUE

Corporate investigators always have the authority to seize all computer equipment during a corporate investigation.

FALSE

The FBI ____ was formed in 1984 to handle the increasing number of cases involving digital evidence.

Computer Analysis and Response Team (CART)

____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.

Data recovery

In general, a criminal case follows three stages: the complaint, the investigation, and the _____.

Prosecution

In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney may direct you to submit a ___.

Affidavit

Without a warning banner, employees might have an assumed ___ when using a company's computer system and network accesses.

Right of Privacy

Corporations often follow the ____ doctrine, which is what happens when a civilian or corporate investigative agent delivers evidence to a law officer.

Silver-platter

Your ___ as a computer investigation and forensics analyst is critical because it determines your credibility.

Professional conduct

Maintaining ___ means you must form and sustain unbiased opinions of your cases.

Objectivity

The ___ is the route the evidence takes from the time you find it until the case is closed or goes to court.

Chain of custody.

To conduct your investigation and analysis, you must have a specially configured personal computer (PC) known as _____.

A forensic workstation

A ___ is a bit-by-bit copy of the original storage medium.

Bit-stream copy

Windows hard disks can now use a variety of file systems, including FAT16, FAT32, ___, and Windows file system.

NTFS

___ was created by police officers who wanted to formalize credentials in computing investigations.

IACIS

Defense contractors during the Cold War were required to shield sensitive computing systems and prevent electronic eavesdropping of any computer emissions. This shielding is called ___.

TEMPEST

For computer forensics, __ is the task of collecting digital evidence from electronic media.

Data acquisition

The most common and flexible data-acquisition method is ____.

Disk-to-image file copy

Image files can be reduced by as much as ___% of the original.

50

Microsoft has recently added ___ in its Vista Ultimate and Enterprise editions, which makes performing static acquisitions more difficult.

Whole disk encryption

___ records are data the system maintains, such as system log files and proxy server logs.

Computer generated

Confidential business data included with the criminal evidence are referred to as ____ data.

commingled

___ is facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed.

Probable cause

Environmental and __ issues are your primary concerns when you're working at the scene to gather information about an incident or a crime.

Safety

Courts consider evidence data in a computer as ___ evidence.

Physical

Evidence is commonly lost or corrupted through ___, which involves police officers and other professionals who aren't part of the crime scene processing team.